Chapter 5-8

Chapter 5: Information Engineering

• Difference between Software Engineering and Information Engineering

o Software Engineering 

■ applies structured techniques to one project 
o Information Engineering 

■ applies structured techniques to the enterprise as a whole, or to a large section of 
the enterprise 

■ Application of an interlocking set of formal techniques for the planning, analysis, 
design and construction of information systems on an enterprise wide basis or 
across a major section of the enterprise 

■ Purpose 

• organization planning 

• business re-engineering 

• application development 

• information systems planning 

• systems re-engineering 

■ Principles 

• Architecture based 

o Provides a framework for understanding components, scope, 
interfaces 

• Business driven 

o The business imperative for the project is explored in detail in business analysis.

o These business needs are explicit drivers for all the decisions through design and construction.

• Concentrating on small projects 

o break the project down into smaller components and to address 
each component with a separate team. 

• Continuously refined 

o The 'divide and conquer' approach results in a refinement of 
scope and estimate at key points throughout the project. 

• Geared towards automation 

o planning, analysis, design, and construction cannot be achieved 
on an enterprise-wide basis without automated tools. 

• Use of graphical communication 

o Use of engineering diagrams as communication tools between developers

• Information Engineering Models

o An information model in software engineering is a representation of concepts and the relationships, constraints, rules, and operations

o Information Modelling Language

■ ERD

■ UML

■ DFD



• Information Engineering Framework 

o Applications 

■ Use of computerized tools to fit into the framework 

• Information Engineering Pyramid 

o Strategy 

■ About strategic planning, should be anchored firmly in the strategic planning of 
the business 

o Analysis 

■ Where fundamental data and processes that are needed by the enterprise are identified

■ Where need of the system is determined

o Design

■ Data: Design of the records used by specific procedures

■ Activities: Design of procedures for executing specified processes

o Construction

■ Data: Application program view of the data

■ Activities: Design of detailed program logic or input to a code generator
o Other notes 

■ Strategies for deployment and management of information engineering and 
corporate communication networks should exist. 

■ Top-level should guide and prioritize expenditures on computing 

■ The disciplines of information engineering are not practical without automated 
tools 

■ A large amount of knowledge about the enterprise and its systems is collected 
over an extended period and is constantly updated. 

■ This requires a computerized repository with extensive capability for cross 
checking and coordinating the knowledge. 

■ The information collected at the higher stages should be used automatically as
the analysts and implementers progress to the more detailed stages 

o IE Techniques 

■ Entity Analysis 

• It classifies all of the things into different entity types and their 
relationship. 

• Entity Model 

■ Entity Lifecycle Analysis 

• Describes the significant business changes to entities and confirm that 
processes have been modelled to effect these changes. 

■ Process Logic Analysis 

• Describes the sequences of activities carried out by a business process 
and shows which data are utilized by each activity. 

■ Matrix Cross Checking 

• Creates cross-references between data objects and processes to verify 
that they are necessary and complete. 

■ Normalization 

• Provides a formal means of confirming the correctness of the entity 
model and organizes data into relationships of data to reduce data 
redundancy. 

■ Cluster Analysis

• Helps define the scope of design areas for proposed business systems.

■ Function analysis and process dependency

• Takes a function (a major business activity) of the enterprise and consists of two diagrams: Process Dependency Program, Process Decomposition Program

• Information Engineering Tools

o Automation Tools / CAx Tools 

■ ANN, DCS, HMI, Instrumentation, Motion control, PAC, PLC, Robotics, SCADA 
o CASE Categories 

■ Tools support individual process tasks. They may be general-purpose, stand-alone tools or may be grouped into workbenches.

■ Workbenches support only one or a few activities.

■ Environments support (a large part of) the software process.

■ Computer Aided Software Engineering (CASE) 

• Automated software tool used by systems analysts to develop 
information systems 

• Used to support or automate activities throughout the systems 
development life cycle (SDLC) 

• Increase productivity 

• Improve overall quality of systems 

• Purpose: To facilitate a single design philosophy within an organization 

• Components 

o Upper Case 

■ CASE tools designed to support the information 
planning and the project identification and selection, 
project initiation and planning, analysis and design 
phases of the systems development life cycle 

o Lower Case 

■ CASE tools designed to support the implementation and 
maintenance phases of the systems development life 
cycle 

o Cross life cycle 

■ CASE tools designed to support activities that occur
across multiple phases of the systems development life 
cycle 

• Objectives 

o Improve quality of systems developed 

o Increase speed of development and design 

o Ease and improve testing process through automated checking 

o Improve integration of development activities via common methodologies
o Improve quality and completeness of documentation
o Help standardize the development process
o Improve project management
o Simplify program maintenance
o Promote reusability 
o Improve software portability 
o CASE Tool Repository 



■ Holds complete information needed to create, modify and evolve a software 
system from project initiation and planning to code generation and maintenance 

■ Two Segments

• Information Repository 

o Provides automated tools to manage and control access to 
repository 

o Combines information about an organization's business 
information and its application portfolio 
■ Application Portfolio 

• Application programs used to manage business 

• Data Dictionary 

o Computer software tool used to manage and control access to the information repository
o Contains all data definitions for all organizational applications
o Cross referencing

■ Enables one description of a data item to be stored and accessed by all individuals

■ Single definition for a data item is established and used

■ CASE Repository and the SDLC 

• During project initiation and planning phase, all information related to 
the problem being solved is stored in the repository 

o Problem domain, project resources, history and organizational 
context 

• During analysis and design phases, store graphical diagrams and 
prototype forms and reports 

• Data stored in repository are used as the basis to generate code and documentation

■ Integrated CASE (i-CASE)

• Seamlessly shares and integrates data across and between tools 

• Repository is central place to store information to share between tools 

• Automated systems development environment that provides numerous 
tools to create diagrams, forms and reports 

• Provides analysis, reporting and code generation facilities 

■ 4 Different Dimensions of CASE Tools 

• Life-cycle support 

• Integration dimension 

• Construction dimension 

• Knowledge-based CASE dimension 
• Types of CASE Tools

o Diagramming Tools

■ Enable representation of a system and components visually

■ Sample: DFD, Functional Hierarchy Diagrams, Entity Relationship Diagram 
o Form and Report Generator Tools 

■ CASE tools that support the creation of system forms and reports in order to 
prototype how systems will look and feel to users 

■ Purpose 



• Create, modify and test prototypes of computer display forms and 
reports 

• Identify which data items to display or collect for each form or report 
o Analysis Tools 

■ Enable automatic checking for incomplete, inconsistent or incorrect specifications 
in diagrams, forms and reports. 

o Documentation Generator Tools 

■ Enable the easy production of both technical and user documentation 

■ Allow creation of master templates used to verify that documentation conforms 
to all stages of SDLC 

o Code Generation Tools 

■ Enable the automatic generation of program and database definition code 
directly from the design documents, diagrams, forms and reports stored in the 
repository 

o Emerging Development Tools 

■ Object-Oriented Development Tools 

• Development environment includes pre-defined objects and facilitates 
reuse of code 

■ Visual Development Tools 

• Allows developers to quickly build user interfaces through built-in 
features and functions. 

• Sample: Microsoft Visual Studio, Delphi, Powerbuilder, ColdFusion 

Chapter 6: Applications and Integrations

• Enterprise Resource Planning

o Set of core software modules that enables organizations to share data across the entire 
enterprise 

o Common database and management reporting tools 

o Enables people in various organizational units to access and update the same information 
• Customer Relationship System (CRM)

o Supports the processes performed by entities involved in creating or increasing the 
demand for an organization's products and services 

o Often part of the offering from an ERP software provider 

o CRM system must effectively capture and present customer information 
• Supply Chain Management (SCM)

o Planning, executing, monitoring, and controlling of this set of processes 
• Supply Chain

o Flow of materials, information, and dollars as they move from supplier to manufacturer to 
wholesaler to retailer to supplier 
• Major Processes of ERP

o Demand planning 

o Sourcing 

o Manufacturing 

o Logistics 

o Customer Service 
• Goal of ERP

o Lower costs and inventory levels while still providing timely delivery of high-quality products
o Major ERP software suppliers

■ include software modules to handle many of these tasks

■ No one supplier has a single, all-encompassing software package that meets all of the SCM needs

• Benefits of Implementing ERP

o Standardized business processes 

■ Ensure that workers are performing their work in an efficient manner 

■ Provide a consistent interface between the organization and its customers and 
suppliers 

o Lowering cost of doing business 

■ Reduced inventory costs

■ Faster collection of receivables 

■ Lower vendor costs 

■ Tracking vendor performance to use as leverage in negotiating prices 
o Improving the overall customer experience 

■ Improved inventory management 

■ Shorten the lead time from receipt of order to delivery of product 

■ Improve overall product quality 

o Facilitating consolidation of financial data 

■ ERP system enables rapid consolidation of financial data across multiple
organizational units and countries 

o Supporting global expansion 
o Providing a compliant system 

• ERP Implementation Process 

o Purchasing an ERP application is only half the battle; a well-designed implementation plan is the key to success
o Processes 

■ Initiation 

• Perform stage initiation tasks 

• Identify desired business needs 

• Develop business justification 

• Determine if system integrator will be used and select one 

• Perform stage closing tasks 

■ Requirements Analysis 

• Perform stage initiation tasks 

• Analyze current business processes 

• Determine business processes to be supported by ERP system 

• Define mandatory business requirements 

• Define which business organizations and locations to convert to ERP 
system 

• Perform stage closing tasks 

■ ERP Software Selection 

• Identify 2-4 candidate ERP software packages for in-depth evaluation

• Develop set of software package selection criteria 

• Evaluate candidate ERP software packages against selection criteria 

• Perform gap analysis 



• Select ERP system software 

• Select system support provider 

■ Design

• Define inputs needed and sources of inputs 

• Define required reports 

• Define necessary ERP system interfaces 

• Define other system outputs 

• Perform business process re-engineering 

• Define any mandatory software customization 

■ Implementation 

• Set ERP configuration parameters

• Clean up and migrate data from old sources to ERP system 

• Develop required interfaces 

• Perform necessary customizations 

• Implement controls and security 

• Train the trainers 

• Conduct end user training 

• Provide training for specialists 

• Test (business processes, hardware, system interfaces, interaction with 
system support providers) 

■ Maintenance and continuous improvement 

• Deliver ongoing training

• Plan and implement software upgrades 

• ERP Issues 

o Post start-up problems 

■ Actual drop in performance for some period of time after their ERP system went 
live 

o High costs 

■ Costs commonly overlooked or underestimated in setting the budget for an ERP 
project (cost in hardware upgrades, training, testing, customization, data 
conversion, consultants) 

o Lengthy implementation 

■ Organizational changes of great magnitude do not come easily or quickly

■ Time frame for full implementation 

■ Faster ERP implementations are possible 

■ Small and medium businesses (SMBs) 
o Organizational resistance 

■ Considerable changes to an organization's business processes 

■ Includes modification in the way employees do their work and interact with 
others 

• Successful ERP implementations 

o Set of best practices 

■ Ensuring senior management commitment and involvement 

• Senior management must: 

o Define a vision for the ERP system with supporting goals and visible, measurable success criteria
o Provide leadership and take action to ensure that the goals of the project are met



■ Choosing the right business partners to help 

• Chosen business partners should have a solid, verifiable track record of 
successful engagements 

■ Assessing the level of ERP customization that may be needed 

• Determine if your organization's fundamental ways of doing business can 
be supported by an ERP solution 

■ Avoiding increases in project scope 

• There is much more that could be done than was included in the original 
project scope 

■ Planning for effective knowledge transfer 

• Employees need to understand the rationale of why ERP is being 
implemented 

• Training should not be considered a one-time event 

■ Test Thoroughly 

• Thorough testing = Key to a smooth start-up 

• Tests and test data must be set up carefully 

• Considerable time is required to plan and prepare the necessary test data 

■ Plan for a High Level of Initial Support 

• ERP Trends and Open source ERP Software 

o ERP solutions targeted for SMBs 
o ERP as a service 

■ Software as a service (SaaS) model for the delivery of ERP solutions 
o Open source ERP solution 

■ Advantages 

• Lower initial acquisition cost 

• User has access to the source code 

• Wide range of resources 

• Decision Support System (DSS) 

o A computer-based information system designed to help knowledge workers select one of many alternative solutions to a problem.
o DSSs serve the management, operations, and planning levels of an organization and help to make decisions, which may be rapidly changing and not easily specified in advance.
o Decision support systems can be either fully computerized, human or a combination of both.

o Three components 

■ Data management module 

• a database or data warehouse that provides data for the intelligence 
phase 

■ Model management module 

• turns data into useful information 

• model represents an abstract representation 

• illustrates the different components or the relationships of a 
phenomenon 

• models are often based on mathematical research 

■ Dialog module 

• part of a DSS that allows user interaction with the program 

• displays the results of the analysis in textual, tabular, or graphical format 
o Benefits/Advantages 



■ Improves personal efficiency 

■ Speed up the process of decision making

■ Increases organizational control 

■ Encourages exploration and discovery on the part of the decision maker 

■ Speeds up problem solving in an organization 

■ Facilitates interpersonal communication 

■ Promotes learning or training 

■ Generates new evidence in support of a decision

■ Creates a competitive advantage over competition 

■ Reveals new approaches to thinking about the problem space 

■ Helps automate managerial processes 

■ Create innovative ideas to speed up the performance
o Issues 

■ Data Capture and Collection 

■ Data Integrity and Security 

■ Unstructured Problems 

■ Management of DSSs 

■ Cost-effectiveness

■ Standardization 

■ Individual vs Group DSSs 

■ Data are not independent of spreadsheets 
o DSS in action 

■ DSSs can be used on demand or integrated into a scheme that enforces
corporate policy 

■ DSSs help maintain standard criteria in decision making throughout the 
organization 

■ Automated decision production is becoming very popular 

■ Uses of DSS

• Food production and retailing: to forecast the number of patrons, the 
amount of ingredients to purchase, etc. 

• Agriculture: allows farmers to make decisions about how to control 
specific pests, and for picking farm locations 

• Tax planning 

• Web site planning and adjustment: to analyze shopper behavior, and to 
design Web sites based on page usage 

• Yield management: to maximize revenue from airline trips or lodging 

• Financial services: to determine loan amounts, and to qualify customers 
based on credit history 

• Benefits selection: to allow employees to make decisions about their 
benefits 

• Outsourcing 

o Arrangement in which one company contracts with another organization to provide services that could be provided by company employees
o Offshore outsourcing 

■ People doing the work are located in another country 
o Kinds 

■ Information technology outsourcing (ITO)

■ Business process outsourcing (BPO)

o Reasons for Outsourcing

■ To Cut or Stabilize Costs 

• Service providers typically have a lower cost structure due to greater 
economy of scale, specialization, or expertise 

• Organizations that do not outsource probably have greater recruiting, 
training, research, development, marketing, and deployment expenses 

■ To Improve Focus 

• Enable an organization to focus on its most important priorities 

■ To Upgrade Facilities and Services 

• Outsourcing provider 

o Highly efficient, with world-class capabilities 

o Has access to new technology, methods, and expertise that would not be cost effective for its clients to acquire and maintain

• Many organizations have outsourced their logistics operations to third-party logistics providers to manage complex global supply chains

o Issues with outsourcing

■ QUALITY PROBLEMS

■ EXPOSURE TO LEGAL LIABILITIES 

• Details of the outsourcing arrangement are documented in a formal 
contract 

• Can generate expensive legal fees 

■ NEGATIVE IMPACT ON BUSINESS PARTNER AND CUSTOMER RELATIONSHIPS
SATISFACTION 

• Reduces the amount of direct communication between a company and 
its customers 

■ POTENTIAL DATA AND SECURITY BREACHES 

• Privacy concerns must be completely addressed. 
o Offshore Outsourcing

■ Controlling and managing work being performed when: 

• Outsourcing partner may not speak your language 

• Partner guided by different cultural values and industry standards 

• Acquiring a diversity or multicultural awareness training program 

■ Special issues 

• COST ADVANTAGE 

o Costs are arguably the chief motivation behind outsourcing. 
Often companies find that contracting work out to a 3rd party is 
cheaper. 

• TURNOVER 

o the rate at which employees leave a workforce and are replaced 
o The impact of high turnover has an indirect cost on the IT organization, which must increase time spent on knowledge transfer and training new individuals.

• INTELLECTUAL PROPERTY RIGHTS 

o The intellectual property of companies includes business plans, 
trade secrets and other proprietary knowledge. 

• IMPORTANT TECHNOLOGY ISSUES 
o Planning an effective Outsourcing Process

■ Establishing a "Smart" Outsourcing Strategy

• Recognize that outsourcing is not just about lowering labor costs 

• Requires an organization to work in a true partnership with the 
outsourcing provider 

• Smart sourcing 

o Determining the best way to do the work in the future 
■ Evaluating and Selecting Appropriate Activities and Projects for Outsourcing

• Shifting seriously flawed operations to a less expensive organization does 
not solve fundamental problems 

• Risks 

o Dealing with increased management complexity 
o Heightened as the organization increases the scope of processes 
being outsourced 

• Start with a short-term, low-risk outsourcing pilot effort 

• At least 6 months are required to gain experience with the service 
provider 

• Company may want to expand the scope of its outsourcing efforts 
■ Evaluating and Selecting Appropriate Service Providers

• Organization should think in terms of hiring a partner 

• Choose firm with which they can build a strong strategic partnership 

• SAS 70 audit 

o Statement of Auditing Standards No. 70, Service Organizations
o Can help evaluate an outsourcing firm's internal controls

■ Evaluating Service Provider Locations

• Any outsourcing service provider can be affected by economic turmoil, 
natural disasters, and political disturbances 

• Ideally, provider should have several geographic locations 

• Other factors: 

o Availability and reliability of high-speed communications networks and power grids
o Availability of sufficiently trained workers
o Effectiveness of the outsourcing firm's national legal system in protecting intellectual property

■ Benchmarking Existing Service Levels

• Organization should benchmark its existing service levels before signing 
outsourcing contract 

• Used to define the service-level agreement (SLA) of the contract 

• Choose the right measures to evaluate the performance of the process 
■ Developing an Outsourcing Contract

• Organizations are opting for simpler, more business-specific 
arrangements that employ multiple service providers 

• Critical to determine what legal system and which country will have 
jurisdiction over any contract disputes 

■ Establishing an Outsourcing Governance Process

• Formal and informal processes and rules

• Defined Procedures

• Requires dedicated, trained vendor relationship professionals



■ Measuring and Evaluating Results 

• Enable the firm to hold its outsourcing provider accountable for 
implementing corrective action as needed 

• If the service provider's performance and costs do not meet the SLA 
standards 

• Develop New Market for Information 

o Market Development 

■ Expansion of the total market for a product or company by: 

• Entering new segments of the market 

• Converting non-users to users 

• Increasing usage per user 

o Steps in Developing New Market for Information 

■ Market Research 

• Action or activity of gathering information about consumer's needs and 
preferences 

■ Identify target market 

■ Assess existing technologies for Information 

■ Design 

■ Develop 

■ Evaluate 
o Trends 

■ Mobile DSS/ERP

■ Taking out the Middle Man 

■ Cloud Computing 

• the practice of using a network of remote servers hosted on the Internet 
to store, manage, and process data, rather than a local server or a 
personal computer. 

■ Smart Machines 

• an intelligent device that uses machine-to-machine (M2M) technology 

• are able to make decisions and solve problems without human 
intervention 

Chapter 7: Current IT Trends in IT and Emerging Technologies 

• Web 1.0 

o Web 1.0 refers to the first stage in the World Wide Web, which was entirely made up of 
Web pages connected by hyperlinks. It is generally believed to refer to the Web when it 
was a set of static websites 

o Static, aren't interactive, applications are proprietary 

o Times when a Web 1.0 approach is appropriate 

■ Information Resources 

■ E-commerce site (e.g. Amazon)

• Web 2.0 

o Collaborative nature of Internet 
o Introduced in 2004 

o Has become a part of our social and professional activities 
o The number of Web 2.0 products and services is staggering

o It is the term given to describe a second generation of the World Wide Web that is focused on the ability for people to collaborate and share information online.

o It basically refers to the transition from static HTML Web pages to a more dynamic Web that is more organized and is based on serving Web applications to users

o Example:

■ Blog

■ Wikis

■ Social Networks

o HTML

■ Authoring language used to create documents on the World Wide Web. 
o AJAX

■ It is a term that describes a new approach to using a number of existing 
technologies together, including the following: HTML or XHTML, Cascading Style 
Sheets, JavaScript, the Document Object Model, XML, XSLT, and the 
XMLHttpRequest object. 

■ Make quick, incremental updates to the user interface without reloading the 
entire browser page. 

o Advantages of 2.0

■ Collaborative nature on user-content 

■ Use of AJAX as a technical component 

■ Inputted text is saved instead of overwritten 

■ Full page refresh is not required 

■ Page state is maintained

■ Mash-ups can be readily implemented

o Disadvantages of 2.0

■ Security issues 

■ Lack of "bookmarkability" 

■ Cannot track URL history 

■ Harder to code applications 

■ Potential memory leaks 

■ Lack of support in older browsers 

■ More testing required

o Web 2.0 Technologies

■ Social Networks 

• Web-based services that allow individuals to set up profiles, blogs, and 
use online forums to communicate with one another 

■ Blogs

• Blogs - Popular term for a Web log, a Web site where individuals can publish stories, opinions, and links to other Web sites of interest

■ Content Hosting Services 

• Content Hosting Services - allow users to upload content that they have 
created for others to view. 

■ Mashup

• uses content from more than one source to create a single new service 
displayed in a single graphical interface 

■ Wikis



• a collaborative Web site where anyone who is allowed to access can 
contribute/add, delete, or modify content on the site, including the work 
of previous authors 

■ RSS - Rich Site Summary / Really Simple Syndication 

• Removes the need for the user to manually check RSS-enabled websites 
for new content. Instead, their browser constantly monitors the site and 
informs the user of any updates. 



• Web 3.0 

o Transforms Web from a network of separately siloed applications and content repositories to a more seamless and interoperable whole.
o "Semantic Web" 
o Characteristics 

■ Ubiquitous 

• available at any time, anywhere, through any channel or device 

■ Individualized 

• filtered and shared by friends or trust network 

■ Efficient 

• relevant and contextual 

• information findable & instantly 

o Trends 

■ Ubiquitous connectivity 

• Broadband adoption, Mobile internet access, mobile devices 

• Availability anywhere, anytime 

■ Network Computing 

• Software-as-a-service business models 

o Software licensing and delivery model in which software is 
licensed on a subscription basis and is centrally hosted. It is 
sometimes referred to as "on-demand software."

• Web services interoperability 

• Distributed computing (P2P, grid computing, hosted "cloud computing")

• Open Technologies 

o Open APIs and protocols (Facebook, Twitter, Google code, etc.)
o Open data formats 

o Open source software platforms and open data 

■ Distributed databases 

• One view of Web 3.0 is the web being a big collection of databases which 
can be connected on demand. 

• Linking data is the power of Web 3.0 

■ Semantic Web 

• All information is categorized so that not only humans can understand it, 
but also computers. 

• Evolution of World Wide Web that provides machine-readable and 
machine-comprehensible information. 

• The Semantic Web is regarded as an integrator across different content, 
information applications and systems. 

• Purpose 



o Enable users to find, share and combine information more easily 
o Make the web readable by machines and not only by humans. 

• Challenges 

o Vastness 
o Vagueness 
o Uncertainty 
o Inconsistency 
o Deceit 

• Web 4.0 

o There is no concrete definition of Web 4.0 
o Only predictions on what Web 4.0 would bring 

o There are already existing concepts and technologies that would bring about Web 4.0 
o The era of Web 4.0 might have already been started during or even before the Semantic Web a.k.a. Web 3.0
o Symbiotic Web 

■ Web 4.0 is commonly referred to as the Symbiotic Web 

■ Symbiosis - two different kinds of organisms exist together in a state of mutual 
dependence 

■ Symbiosis in this context is the interaction between humans and machines 
through more powerful interfaces 

o More powerful interfaces 

■ Interfaces which encourage deeper contact between them and the humans using
them 

■ More physical and "intimate" interaction 

■ What we might be having 

• Mind controlled interfaces 

■ What we have now 

• Haptic technology - recreation of sense of touch by applying forces,
vibration, or motion 

• Facial recognition 
o The Internet of Things 

■ The next great phase of the Internet

■ Objects join in the network of humans and machines 

■ Made possible through IPv6 and RFID technology 

■ Ubiquity, Identity, and Connection 

■ Ubiquity 

• It is about activity, not just data 

• Most human activity takes place offline 

• Pervasive computing, ubiquitous computing, ambient intelligence, "everyware"

• Ambient Intelligence

o Electronic environments that are sensitive and responsive to the presence of people
o Embedded, context-aware, personalized, adaptive, anticipatory

■ Identity 

• Personalized services 

• Personalization will be the new normal 

• Shift of focus from demographics to direct behaviour 



• Tailored-fit to the individual's needs 

• Ultra Intelligent electronic agent 

o "Web 4.0 is about intelligence" 

o Personal intelligent "agents" will be embedded on every device 
o "It can give you what you didn't ask for but you should have 
asked for" 

• Connection 

o Thing-to-thing communication, not just thing-to-person 
communication 

o By 2020, approximately 75 billion devices will be connected to 
the Internet of Things 

■ Challenges

• Standards in wireless connections and telecommunications 

• Huge amounts of electricity required to power up 75 billion things 

• Privacy 

• Security 

• Cloud Computing 

o Cloud computing most commonly refers to the delivery of computing services over the 
Internet as an alternative to running hardware and software in your data center or 
computer room 

o You rent or subscribe to computing capability, rather than installing and running systems 
yourself 

o Everything from raw computing power to full-blown business applications can be delivered in this way.

o Most organizations that adopt cloud computing are likely to do so alongside their in-house systems

o Cloud computing involves pooling lots of hardware and software together and sharing it out to whoever needs it, on demand
o Service providers offer public clouds, but IT departments can use the same technology to create private clouds
o Services 

■ Business application services

• Deliver complete business functionality 

• Customer Relationship Management (CRM) Systems 

• Enterprise Resource Planning (ERP) 

■ Hosted productivity tools 

• Spearheaded initially by hosted email and web conferencing, the number 
of services offered in this area has exploded to include full unified 
communications and/or social tools such as directories, blogs, wikis and 
social networking 

■ Hosted communications and social tools 

■ Trading community services 

■ Plug-in services 

• Application elements which plug into or combine with existing 
applications to enhance or extend them. 

• Examples 

o Mapping 

o Credit card payment services 



o Credit checking 

- Operational services 

• Provides services concerned with the following: 

• online backup 

• Archiving 

• Security (such as email filtering) 

• Full-blown monitoring and management tools 

■ Application platform services 

• Provide development and runtime environments which enable 
organizations to build custom applications hosted online 

■ Utility services 

• Provide raw compute and storage resources to run your own software 
and store data 

o Benefits 

■ Improve IT responsiveness 

• Application and plug-in services can boost IT responsiveness by short- 
cutting the development work and platform implementation 
requirements for new applications 

■ Modernize and future-proof 

• Service providers can afford to invest in the latest technologies, which in 
turn, can be made available to their customers 

- Keep pace with work practice evolution 

• The concept of remote access is a natural fit with increasingly popular 
home- and mobile- working, which can sometimes be quicker and more 
cost effective than in-house 

■ Reach out via the Web 

• Many organizations deploy externally-facing applications to customers, 
trading partners, suppliers and so on 

■ Manage costs and resources 

• Costs/benefits of cloud services depend on the service being 
implemented 

■ Address space and power constraints 

• Utility services can help by reducing the requirement for local equipment 
and by working around the problems of accommodation, power 
consumption, and poor server utilization 

■ Reduce risk and ensure compliance 

• A competent business service provider has security, backup, fault 
tolerance and recovery capabilities that are likely superior to anything 
that its customers can afford 

• Cloud Deployment Models 
o Private Clouds 

- Usually dedicated to an organization - may be managed by the organization or a 
third party and may exist on premise or off premise 

o External Clouds 

■ Public Cloud 

• Exists externally to its end user and is generally available 
with little restriction as to who may pay to use it 

• Most common are those accessed via the Internet 



• Made available to the general public or a large industry group and is 
owned by an organization selling cloud services 

■ Community Clouds 

• Shared by several organizations and supports a specific community that 
has shared concerns - may be managed by the organization or a third 
party and may exist on premise or off premise 

■ Hybrid 

• Infrastructure is a composition of two or more clouds that remain unique 
entities but are bound together by standardized or proprietary 
technology that enables data and application portability 

• Cloud Service Models 

o Infrastructure as a Service (IaaS) 

■ The capability provided to the consumer is to provision processing, storage, 
networks, and other fundamental computing resources where the consumer is 
able to deploy and run arbitrary software which can include operating systems 
and applications. 

- Includes Hardware as a Service and Storage as a Service 

■ Useful when: 

• Short of space 

• Lower capital/operational cost 

• No maintenance required 

• Demands fluctuate 

o Platform as a Service (PaaS) 

■ The capability provided to the consumer is to deploy onto the cloud 
infrastructure consumer-created or acquired applications created using 
programming languages and tools supported by the provider. 

■ For deploying externally-facing applications on the web which require massive 
scalability and the ability to deal with highly fluctuating demand 

■ Often referred to as Application platform services 

■ Enables you to grab resources on-demand to 

- prototype, test, pilot, and so on 
o Software as a Service (SaaS) 

■ The capability provided to the consumer is to use the provider's applications 
running on a cloud infrastructure 

■ The applications are accessible from various client devices through a thin client 
interface such as a Web browser 

- The consumer does not manage or control the underlying cloud infrastructure 
including network, servers, operating systems, storage, or even individual 
application capabilities, with the possible exception of limited user-specific 
application configuration settings 

■ Offers a range of application services: 

• Business application services such as CRM and ERP 

• Hosted productivity tools including desktop suites, modeling and project 
management 

• Hosted communications such as email, web 
conferencing and social tools 

• Trading community services, such as customer and 
supplier collaboration and transactions 

• Plug in services such as mapping, credit card payments and credit 
checking 

• Operational services like backup, archiving and email filtering 

• Web mining 

o It is an application of data mining techniques on the web to automatically discover 
interesting patterns. 

o It is the computational process of discovering patterns in large data sets involving 
methods at the intersection of artificial intelligence, machine learning, statistics, and 
database systems. 

o Types 

■ Web Usage Mining 

• It is to analyze and discover interesting patterns of user's usage data on 
the web. 

■ Web Content Mining (WCM) 

• It is the discovery of useful information from 

o Web contents 

o Data 

o Documents 

• Assists/Improves information finding 

• Filtering information to users based on user profiles 

• Techniques used 

o Classification 

■ It is the technique to map a data item into one of several 
predefined classes. 

o Clustering 

■ It is the technique used to group together users or data 
items (pages) with the same characteristics or that are 
relevant to each other. 

o Association Rules 

■ Can be used to discover unordered correlation between 
items found in a database of transactions. 

• Sample: web search engines like Yahoo, Google, etc. 

■ Web Structure Mining (WSM) 

• To discover the structural summary about the website and web pages. 

• This can be used to categorize the web pages and integrate different 
web pages 

o Issues 

■ Web data sets can be very LARGE 

■ Cannot mine on a single server 

■ Problems with security, privacy (crawlers) and some legal issues 
Chapter 8: Current Risk in IT and Risk Management 



Computer Security Risk 



Is any event or action that could cause a loss of or damage to computer hardware, software, data, 

information, or processing capability 

Malware 

o Malicious Software 

■ Programs that act without a user's knowledge and deliberately alter the 
computer's operation 

■ Types 

• Trojan Horse 

o Hidden inside programs that perform useful tasks 

o Looks like a legitimate program until triggered 

• Worm 

o Uses computers to reproduce itself 

o Spreads autonomously through computer networks 

o Can possibly shut down a computer or network 

• Virus 

o It invades programs and uses them to reproduce itself and 
damage files 
o Can spread in: 

■ Removable media 

■ Downloads off the internet 

■ E-mail attachments 
o Protection: 

- Set macro security level in applications that allow you to 
write macros 

■ At medium security level, warning display that document 
contains macro 

o Virus Signature 

- A unique string of bits, or the binary pattern, of a virus. 

■ The virus signature is like a fingerprint in that it can be 
used to detect and identify specific viruses. 

■ Anti-virus software uses the virus signature to scan for 
the presence of malicious code. 

o Antivirus 

- Software that identifies and removes computer viruses 

- Use a heuristic algorithm to find viruses based on 
common behaviours 

■ Examines files as they are being opened, downloaded, 
copied, accessed and transmitted 
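
The signature and heuristic checks described above, as an added example that is not part of the original notes. The signature names, byte patterns, trait strings and sample files are all constructed for illustration and do not correspond to any real malware or antivirus product.

```python
# Constructed signature database: name -> byte pattern ("unique string of bits").
# These are invented placeholder patterns, not signatures of real malware.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef4142"),
    "Demo.Beta": b"\x90\x90DEMO-PAYLOAD",
}

# Constructed heuristic traits: strings that, in combination, suggest
# auto-running macro behaviour. A real engine weighs many more features.
SUSPICIOUS_TRAITS = [b"AutoOpen", b"Shell(", b"CreateObject"]

# Constructed sample files.
CLEAN = b"Quarterly report, plain text only"
INFECTED = b"HEADER" + bytes.fromhex("deadbeef4142") + b"TAIL"
# Same idea as Demo.Alpha but with one byte changed, so the signature no longer matches.
VARIANT = b"HEADER" + bytes.fromhex("deadbeef4143") + b"Sub AutoOpen() Shell(x)"


def signature_scan(data: bytes) -> list:
    """Return (signature name, offset) for every known pattern found in data."""
    hits = []
    for name, pattern in SIGNATURES.items():
        offset = data.find(pattern)
        while offset != -1:
            hits.append((name, offset))
            offset = data.find(pattern, offset + 1)
    return sorted(hits, key=lambda hit: hit[1])


def heuristic_score(data: bytes) -> int:
    """Count how many suspicious traits appear, regardless of any signature."""
    return sum(1 for trait in SUSPICIOUS_TRAITS if trait in data)


def verdict(data: bytes, threshold: int = 2) -> str:
    """Signature match wins; otherwise fall back to the behaviour heuristic."""
    hits = signature_scan(data)
    if hits:
        return "known:" + hits[0][0]
    if heuristic_score(data) >= threshold:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("infected", INFECTED), ("variant", VARIANT)]:
        print(label, signature_scan(sample), heuristic_score(sample), verdict(sample))
```

The variant sample shows why signature databases need continual updates: a one-byte change defeats the exact match, and only the heuristic still flags the file.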

Prevention 

Install reliable anti-virus software 
Update your anti-virus software regularly 
Get immediate protection 
Install a personal firewall program 
Set the macro security in programs 
Type of Perpetrators 

• Hackers - Exploit systems, applications and network vulnerabilities 



• Crackers - a person who uses computers to gain unauthorized access to 
data. 

• Insider - a person within a group or organization that disrupts the 
company's information system 

• Industrial spy - captures trade secrets and gain competitive advantage 

• Cybercriminal - Distribute and sell stolen data and goods from associated 
cybercriminals 

• Cyber terrorist - These criminals attack other people's computers to 
perform malicious activities, such as spreading viruses, data theft, identity 
theft, etc. 

■ Unauthorized Access and Use 

o Data Theft 

- DATA THEFT is a growing problem primarily perpetrated by people with access to 
technology such as desktop computers and hand-held devices capable of storing 
digital information such as USB flash drives, iPods and even digital cameras. 

- Types 

• Hacking: A hacker gets into a system where he or she is not supposed to 
be, and steals whatever data was aimed at through gaps in the security 
system or by hoodwinking gullible employees / surfers in order to gain 
access to a system. 

• Posing: The attractive website that has popped up offering you a great 
holiday treat may actually be a data thief trying to get into your system 
under the 'mask' of a piece of harmless spam. 

• Remote Access: Remote access allows the thief to gain control of your 
machine from wherever he or she is and operate it, steal data from it, and 
even distribute virus from it. 

• Spyware: Often brought in by adware. The thief may not sit in your 
system, but your key strokes or mouse clicks would be spied upon, 
revealing what you are doing and 'reading' the data as you put it in. 

• Podslurping: Music is now stored in iPods for almost all domestic users. 
You would usually not suspect an employee rocking to music while 
working as usual. The thief knows this and is using the iPod to obtain 
data outputs from the computer where it is plugged 

• Thumbsucking: Another tiny and dangerous device is the USB storage 
drive. All an employee needs to do is plug in a pen drive, and 2 GB of 
data would flow in quietly into the pocket from the computer. 

• Bluesnarfing: Using his or her Bluetooth-enabled cell phone or laptop, 
the data thief lifts data from a restricted computer in silence and mostly 
unnoticed. 

■ Possessed objects 

• A possessed object is any item that a user must carry to gain access to 
a computer or computer facility. 

• Possessed objects are often used in combination with personal 
identification numbers. 

■ Biometric devices 

• These are devices that identify persons seeking access to a computing 
system by determining their physical characteristics through fingerprints, 
voice recognition, retina patterns, pictures, weight, or other means. 



• Examples are: Face scanner, Hand scanner, Finger scanner, Retina 
scanner, and Voice scanner 

o Denial of Service, Backdoor, Spoofing and Firewall 

■ Denial of Service 

• A Denial-of-Service (DoS) or distributed denial-of-service (DDoS) attack is 
an attempt to make a machine or network resource unavailable to its 
intended users 

- Backdoor 

• A backdoor in a computer system is a method of bypassing normal 
authentication, securing unauthorized remote access to a computer, 
obtaining access to plaintext and so on, while attempting to remain 
undetected. The backdoor may take the form of an installed program or may 
subvert the system through a rootkit. 

■ Spoofing 

• Situation in which one person or program successfully masquerades as 
another by falsifying data and thereby gaining an illegitimate advantage. 

■ Firewall 

• Firewall is a network security system that controls the incoming and 
outgoing network traffic based on applied rule set. 

• A firewall establishes a barrier between a trusted, secure internal 
network and another network that is assumed not to be secure and 
trusted. 

• Firewalls exist both as a software solution and as a hardware appliance. 

• Personal Firewall 

o Program that protects personal computer and its data from 

unauthorized intrusions 
o Monitors transmissions to and from computer 
o Informs you of attempted intrusion 

■ Hardware Theft 

o Hardware theft is the unauthorized taking of computer hardware, 
o Hardware Vandalism 

- Is the act of defacing or destroying computer equipment/s 

■ Hardware vandalism can take in many forms: 

• Someone cutting a computer cable 

• Individuals breaking into business or school computers and smashing computers 

■ Software Theft 

o Software theft happens when someone: 

- steals software media, 

■ intentionally erases programs, 

■ illegally copies a program, 

■ or illegally registers and/or activates a program, 
o License Agreement 

■ Software license agreement is the contract between the licensor and purchaser 

■ It is also known as EULA (end-user license agreement) for proprietary software 
(closed-source software) 

■ A free software license grants users of that software the rights to use for any 
purpose, modify and redistribute creative works and software, both of which are 
forbidden by the defaults of copyright, and generally not granted 
with proprietary software. 
■ Information Theft 

o The crime of obtaining the personal or financial information of another person for the 
sole purpose of assuming that person's name or identity in order to make transactions or 
purchases 
o Sample: 

- Stolen Checks 

■ Credit Card Number Theft 

■ Passports 

■ Driver License Number Misuse 
o Encryption 

- Is the process of encoding messages or information in such a way that only 
authorized parties can read it. 

■ Kinds 

• Transposition 

o a method of encryption by which the positions held by units 
of plaintext (which are commonly characters or groups of 
characters) are shifted according to a regular system, so that 
the ciphertext constitutes a permutation of the plaintext. 

• Substitution 

o is a method of encoding by which units of plaintext are replaced 
with ciphertext, according to a regular system; the "units" may be 
single letters (the most common), pairs of letters, triplets of 
letters, mixtures of the above, and so forth. 

• Expansion 

o refers to the length increase of a message when it is encrypted. 
Many modern cryptosystems cause some degree of expansion 
during the encryption process, for instance when the 
resulting ciphertext must include a message-unique Initialization 
Vector (IV). 
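
The three kinds listed above, as an added example that is not part of the original notes. The columnar transposition, the Caesar shift and the IV-prefixed toy stream construction are chosen here for illustration; the sample plaintext and key are constructed.

```python
import hashlib
import os
from collections import Counter


def transpose_encrypt(plaintext: str, columns: int) -> str:
    """Columnar transposition: write the text in rows, read it out by column."""
    return "".join(plaintext[c::columns] for c in range(columns))


def transpose_decrypt(ciphertext: str, columns: int) -> str:
    rows, extra = divmod(len(ciphertext), columns)
    cols, pos = [], 0
    for c in range(columns):
        length = rows + (1 if c < extra else 0)  # first `extra` columns are longer
        cols.append(ciphertext[pos:pos + length])
        pos += length
    # Read row by row across the rebuilt columns.
    return "".join(col[r] for r in range(rows + 1) for col in cols if r < len(col))


def substitute(text: str, shift: int) -> str:
    """Caesar substitution on A-Z: every letter is replaced, none is moved."""
    return "".join(
        chr((ord(ch) - 65 + shift) % 26 + 65) if "A" <= ch <= "Z" else ch
        for ch in text
    )


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    blocks, counter = b"", 0
    while len(blocks) < length:
        blocks += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return blocks[:length]


def encrypt_with_iv(key: bytes, message: bytes) -> bytes:
    """Toy IV-prefixed construction, used here only to make expansion visible.
    For real data use a vetted authenticated cipher from a maintained library."""
    iv = os.urandom(16)  # message-unique IV that must travel with the ciphertext
    stream = _keystream(key, iv, len(message))
    return iv + bytes(m ^ k for m, k in zip(message, stream))


def decrypt_with_iv(key: bytes, blob: bytes) -> bytes:
    iv, body = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, iv, len(body))))


if __name__ == "__main__":
    plain = "BACKUPTHEDATA"  # constructed sample plaintext
    t = transpose_encrypt(plain, 4)
    s = substitute(plain, 3)
    blob = encrypt_with_iv(b"demo-key", plain.encode())
    print("transposition:", t, "same letters:", Counter(t) == Counter(plain))
    print("substitution: ", s, "same length:", len(s) == len(plain))
    print("expansion in bytes:", len(blob) - len(plain))
```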

- Internet Security Risk 

o How do web browsers provide secure data transmission? 

■ Many web browsers use encryption 

■ Secure site 

• Is a website that uses encryption to secure data 

- Digital Certificate 

• Is a notice that guarantees that a website is legitimate 

■ Certificate Authority (CA) 

• Authorized person or company that issues and verifies digital certificates 

• Users apply for digital certificate from CA 

- Secure Sockets Layer 

• Provides encryption of all data that passes between client and Internet 
server 

• Web addresses beginning with "https" indicate secure connections 
o Wireless Security 

- Secure your wireless access point (WAP) 

• WAP should not broadcast your network name 



• Enable Wired Equivalent Privacy or Wi-Fi Protected Access (WPA) 
o Establishing Security Policy 

■ Security Policy 

• Defines an organization's security requirements 

• Defines controls and sanctions needed to meet those requirements 

■ Automated system rules should mirror an organization's written policies 

■ E-mail attachments 

• Critical security issue 

■ Virtual private network (VPN) 

• Uses the Internet to relay communications 

• Maintains privacy through security procedures and tunneling protocols 

- Educating Employees, Contractors, and Part-Time Workers 

■ Discuss recent security incidents 

■ Protect an organization's information systems and data by: 

■ Guarding their passwords 

• Applying strict access controls 

• Reporting all unusual activity to the organization's IT security group 

■ System Failure 

o The condition in which a system no longer performs the function it was intended to, or is 

not able to do so at a level that equals or exceeds established minimums. 
o Causes 

■ Users Error 

■ Faulty manufacture/creator 

■ Power problems 

■ Environmental factor 
o Surge Protector 

- Prevents a computer system from functioning properly such an error is usually 
remedied by rebooting. 

■ A component, circuit, or device which reduces, eliminates, or prevents surges, 
especially those occurring through power or communications lines. 

o Backing Up 

- It refers to the copying and archiving of computer data so it may be used 
to restore the original after a data loss event. 

- Types 

• Full Backup 

o Full backup is a method of backup where all the files and folders 
selected for the backup will be backed up. When subsequent 
backups are run, the entire list of files and folders will be backed up 
again. 

• Incremental 

o Incremental backup is a backup of all changes made 
since the last backup. With incremental backups, one full backup 
is done first and subsequent backup runs are just the changes 
made since the last backup. 

• Differential Backup 

o Differential backup is a backup of all changes made since the last 
full backup. With differential backups, one full backup is done 
first and subsequent backup runs are the changes made since 
the last full backup. 
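
The three backup types compared on one timeline, as an added example that is not part of the original notes. The file names, the change schedule and the `lost` parameter (a backup run that can no longer be read) are constructed assumptions.

```python
# Constructed scenario: four files, a full backup on day 0, then one run per day.
ALL_FILES = {"payroll.db", "crm.db", "notes.txt", "logo.png"}
CHANGES = [set(), {"payroll.db"}, {"notes.txt"}, {"payroll.db", "crm.db"}]  # index = day


def true_state(day):
    """Version of each file on `day`, expressed as the last day it was modified."""
    state = {name: 0 for name in ALL_FILES}
    for d in range(1, day + 1):
        for name in CHANGES[d]:
            state[name] = d
    return state


def run_backup(strategy, day):
    """Return {file: version} copied by the backup run on `day`."""
    now = true_state(day)
    if day == 0 or strategy == "full":
        selected = ALL_FILES
    elif strategy == "incremental":
        selected = CHANGES[day]                      # changes since the last backup
    elif strategy == "differential":
        selected = set().union(*CHANGES[1:day + 1])  # changes since the last full backup
    else:
        raise ValueError(strategy)
    return {name: now[name] for name in selected}


def restore_chain(strategy, day):
    """Which backup runs must be readable to rebuild the state of `day`."""
    if strategy == "full":
        return [day]
    if strategy == "incremental":
        return list(range(0, day + 1))
    if strategy == "differential":
        return [0] if day == 0 else [0, day]
    raise ValueError(strategy)


def restore(strategy, day, lost=()):
    """Apply the chain in order, skipping any run listed in `lost`."""
    state = {}
    for d in restore_chain(strategy, day):
        if d not in lost:
            state.update(run_backup(strategy, d))
    return state


def files_copied(strategy, last_day):
    return [len(run_backup(strategy, d)) for d in range(last_day + 1)]


if __name__ == "__main__":
    for strategy in ("full", "incremental", "differential"):
        print(strategy, "copied per day:", files_copied(strategy, 3),
              "restore chain:", restore_chain(strategy, 3),
              "survives loss of day 2:", restore(strategy, 3, lost={2}) == true_state(3))
```

Incremental runs copy the least data but need every link in the chain; a differential restore needs only the full backup and the latest differential.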

• Types 

o Storage Media 

- Magnetic Tape 

■ Hard Disk 

■ Optical Storage 

- Floppy Disk 

Evaluation Risks 

o Risk Protection/Estimation 

o The business risk is associated with the use, ownership, operation, involvement, influence and 
adoption of IT within an enterprise 

o The challenge of protecting the assets of the organization (like data or information) increases 
largely because of increasing risks and threats to their access. 

o To protect these assets, the organization must analyze and identify the risks, how vulnerable 
their systems are to different kinds of threats, and their potential damages. 
o Developing a Risk Table 
o Procedure: 

■ Identify and list risks 

■ Identify the consequences of each risk 

- Assign a probability of each risk happening 

■ Assign impact based on pre-established guidelines 

■ Determine the risks for elements in the project 
o Metrics 

■ Probability or Likelihood 

• A risk is an event that "may" occur. The frequency or 
probability of it occurring can range anywhere from just above 0 
percent to just below 100 percent. 

• Severity or Impact - These are the negative effects that might be 
caused by the risks. However, the size of the impact varies in terms of 
cost and impact on health, security, or some other critical factors. 

Handling Risk 
Risk Prevention 

o Installing a corporate firewall 

o Established through the use of software, hardware, or a combination of both 

o Can lead to complacency 
o Intrusion prevention systems 

o Prevent an attack by blocking viruses, malformed 
packets, and other threats from getting into the company network 
o Installing antivirus software on personal computers 

o Virus signature 
o Specific sequence of bytes 

o Most of the virus and worm attacks that the team analyzes use already known programs 

o Crucial that antivirus software be updated continually with the latest virus detection 
information 



o Conducting periodic IT security audits 

o Evaluate whether an organization has a well considered security policy in place and if it is 

being followed 
o Test system safeguards 
o Federal Computer Security Report Card 
o Intrusion detection system 

o Software and/or hardware 

o Monitors system and network resources and activities and notifies network security 

personnel when it identifies possible intrusions 
o Different approaches to intrusion detection 
o Knowledge-based approaches 
o Behavior-based approaches 

Risk Response 

o Primary goal 

o Regain control and limit damage 
o Not to attempt to monitor or catch an intruder 
o Incident notification 

o Define who to notify and who not to notify 
o Protecting evidence and activity logs 

o Document all details of a security incident 
o Incident containment 

o Act quickly to contain an attack 
o Eradication 
o Incident Follow Up 

Risk Mitigation and Management 

o Risk Mitigation 

o A systematic reduction in the extent of exposure and/or the likelihood of its occurrence, 
o The process by which an organization introduces specific measures to minimize or 
eliminate unacceptable risk associated with its operations, 
o Risk Monitoring 

o Maintaining ongoing awareness of an organization's risk environment, risk management 
program and associated activities to support risk decisions, 
o Risk Monitoring and Control 

o The process for tracking identified risks, monitoring residual risks, identifying new risks, 
executing risk response plans, and evaluating their effectiveness throughout the project 
life cycle 
o Risk Management 

o The identification, assessment, and prioritization of risks followed by coordinated and 
economical application of resources to minimize, monitor, and control the probability 
and/or impact of unfortunate events 

o Reasons 

- Saves resources 

■ Protects public image 

■ Protects people from harm 

- Prevents/reduces legal liability 

■ Protects the environment 



o Risk Management Process 

■ Identify potential exposure to loss 

■ Measure frequency and severity 

■ Examine alternatives 

■ Decide which alternative to use 

■ Implement the chosen technique 

■ Monitor the results 